- (Topic 4)
A company's marketing department is running a rendering application on virtual desktops. Currently, the application runs slowly, and it takes a long time to refresh the screen. The virtualization administrator is tasked with resolving this issue. Which of the following is the BEST solution?
Correct Answer:
A
GPU passthrough is a technique that allows a virtual machine to access and use the physical GPU of the host machine directly. This can improve the performance and quality of graphics-intensive applications, such as rendering, gaming, or video editing, that run on the virtual machine123.
GPU passthrough can help resolve the issue of the rendering application running slowly and taking a long time to refresh the screen on the virtual desktops. By enabling GPU passthrough, the virtualization administrator can allow the rendering application to leverage the full power and features of the host GPU, rather than relying on the limited and shared resources of a virtual GPU. This can result in faster rendering, smoother animations, and higher resolution12
- (Topic 4)
A cloud administrator must ensure all servers are in compliance with the company's security policy Which of the following should the administrator check FIRST?
Correct Answer:
C
Hardened baselines are a set of security best practices that reduce the vulnerability of a system to exploits by reducing its attack surface1. They are also known as security configurations or benchmarks, and they provide a standard level of system hardening for an organization23.
Checking the hardened baselines of the servers is the first step that a cloud administrator should take to ensure compliance with the company’s security policy. This is because hardened baselines can help to:
Identify and eliminate common vulnerabilities and exposures (CVEs) that attackers can exploit1.
Remove unnecessary or unused services, accounts, software, and ports that can increase the attack surface23.
Apply appropriate settings and controls for encryption, authentication, authorization, firewall, and logging23.
Streamline audits and testing by reducing complexity and providing a reliable benchmark23.
- (Topic 4)
A systems administrator is configuring a DNS server. Which of the following steps should a technician take to ensure confidentiality between the DNS server and an upstream DNS provider?
Correct Answer:
C
DNS (Domain Name System) is a service that translates human-friendly domain names into IP addresses that can be used to communicate over the Internet1. However, DNS queries and responses are usually sent in plain text, which means that anyone who can intercept the network traffic can see the domain names that the users are requesting. This poses a threat to the confidentiality and privacy of the users and their online activities2.
To ensure confidentiality between the DNS server and an upstream DNS provider, a technician should configure DOH (DNS over HTTPS). DOH is a protocol that encrypts DNS queries and responses using HTTPS (Hypertext Transfer Protocol Secure), which is a secure version of HTTP that uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to protect the data in transit3. By using DOH, the technician can prevent eavesdropping, tampering, or spoofing of DNS traffic by malicious actors3.
The other options are not the best steps to ensure confidentiality between the DNS server and an upstream DNS provider:
✑ Option A: Enable DNSSEC (DNS Security Extensions). DNSSEC is a set of
extensions that add digital signatures to DNS records, which can be used to verify the authenticity and integrity of the DNS data. DNSSEC can prevent DNS cache poisoning attacks, where an attacker inserts false DNS records into a DNS server’s cache, redirecting users to malicious websites. However, DNSSEC does not encrypt or hide the DNS queries and responses, so it does not provide confidentiality for DNS traffic2.
✑ Option B: Implement single sign-on (SSO). SSO is a mechanism that allows users
to access multiple services or applications with one set of credentials, such as a username and password. SSO can simplify the authentication process and reduce the risk of password compromise or phishing attacks. However, SSO does not affect the communication between the DNS server and an upstream DNS provider, so it does not provide confidentiality for DNS traffic.
✑ Option D: Set up DNS over SSL (DNS over Secure Sockets Layer). This option is
not a valid protocol for securing DNS traffic. SSL is a deprecated protocol that has been replaced by TLS (Transport Layer Security), which is more secure and robust. The correct protocol for encrypting DNS traffic using SSL/TLS is DOH (DNS over HTTPS), as explained above.
- (Topic 1)
A systems administrator needs to configure a set of policies to protect the data to comply with mandatory regulations.
Which of the following should the administrator implement to ensure DLP efficiently prevents the exposure of sensitive data in a cloud environment?
Correct Answer:
C
Classification is a process of assigning labels or categories to data based on its sensitivity, value, or risk level. Classification can help implement data loss prevention (DLP) policies by identifying which data needs to be protected and how to protect it according to its classification level. Classification can also help comply with mandatory regulations by ensuring that data is handled and stored appropriately based on its legal or contractual requirements. Classification is essential for DLP to efficiently prevent the exposure of sensitive data in a cloud environment. References: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7
- (Topic 3)
A company wants to utilize its private cloud for a new application. The private cloud resources can meet 75% of the application's resource requirements. Which of the following
scaling techniques can the cloud administrator implement to accommodate 100% of the application's requirements?
Correct Answer:
C
According to the CompTIA Cloud+ Study Guide1, scaling is “the ability to increase or decrease the size or capacity of a cloud service”. There are two main types of scaling: horizontal and vertical.
Horizontal scaling is “the ability to increase or decrease the number of instances or nodes of a cloud service”. This means that horizontal scaling can add or remove servers or virtual machines to a cloud service, depending on the workload demand. Horizontal scaling can improve availability, reliability, and performance, but it can also increase complexity and cost.
Vertical scaling is “the ability to increase or decrease the resources allocated to an instance or node of a cloud service”. This means that vertical scaling can add or remove CPU, memory, disk, or network resources to a server or virtual machine, depending on the workload demand. Vertical scaling can improve performance and efficiency, but it can also have limitations and risks.
Cloud bursting is “a technique that allows a private cloud to use public cloud resources when it reaches its capacity limit”. This means that cloud bursting can extend the private cloud to the public cloud when there is a peak in demand that exceeds the private cloud resources. Cloud bursting can provide scalability, flexibility, and cost savings, but it can also introduce challenges such as security, compatibility, and latency.
Autoscaling is “the ability to automatically increase or decrease the number of resources allocated to a cloud service based on the current demand”. This means that autoscaling can adjust the size or capacity of a cloud service without human intervention, using predefined rules or policies. Autoscaling can optimize performance, availability, and cost, but it can also require careful monitoring and configuration.
Based on this information, I think the best answer to your question is C. Cloud bursting. Cloud bursting can help the company utilize its private cloud for the new application and also access public cloud resources when the private cloud resources can only meet 75% of the application’s requirements. This way, the company can accommodate 100% of the application’s requirements without having to purchase extra computing resources for their private cloud.
I hope this helps you understand the concept of cloud bursting better. If you want to learn more about CompTIA Cloud+, you can check out some of these resources:
✑ CompTIA Cloud+ : Cloud High Availability & Scaling: A video course that covers the topics of high availability and scaling in cloud environments, including autoscaling, horizontal scaling, vertical scaling and cloud bursting.
✑ Cloud+ (Plus) Certification | CompTIA IT Certifications: The official website of CompTIA Cloud+, where you can find exam details, preparation materials, renewal information and more.
